summaryrefslogtreecommitdiff
path: root/client/src/leap
diff options
context:
space:
mode:
Diffstat (limited to 'client/src/leap')
-rw-r--r--client/src/leap/soledad/client/_crypto.py45
1 files changed, 15 insertions, 30 deletions
diff --git a/client/src/leap/soledad/client/_crypto.py b/client/src/leap/soledad/client/_crypto.py
index 22335f9d..aaae7b92 100644
--- a/client/src/leap/soledad/client/_crypto.py
+++ b/client/src/leap/soledad/client/_crypto.py
@@ -201,7 +201,7 @@ class BlobEncryptor(object):
self._hmac_writer = HMACWriter(mac_key)
self._write_preamble()
- self._crypter = VerifiedEncrypter(_aes, self._hmac_writer)
+ self._crypter = PipeableWriter(_aes, self._hmac_writer)
@property
def iv(self):
@@ -276,7 +276,7 @@ class BlobDecryptor(object):
sym_key = _get_sym_key_for_doc(doc_info.doc_id, secret)
_aes = AESConsumer(sym_key, iv, self.result,
operation=AESConsumer.decrypt)
- self._decrypter = VerifiedDecrypter(_aes, _hmac_writer)
+ self._decrypter = PipeableWriter(_aes, _hmac_writer, pipe=False)
self._producer = FileBodyProducer(ciphertext_fd, readSize=2**16)
@@ -354,48 +354,33 @@ class HMACWriter(object):
return self.result.getvalue()
-class VerifiedEncrypter(object):
+class PipeableWriter(object):
"""
- A Twisted's Consumer implementation combining AESEncryptor and HMACWriter.
- It directs the resulting ciphertext into HMAC-SHA512 processing.
+ A Twisted's Consumer implementation that flows data into two writers.
+ Here we can combine AESEncryptor and HMACWriter.
+ It directs the resulting ciphertext into HMAC-SHA512 processing if
+ pipe=True or writes the ciphertext to both (fan out, which is the case when
+ decrypting).
"""
implements(interfaces.IConsumer)
- def __init__(self, crypter, hmac_writer):
- self.crypter = crypter
+ def __init__(self, aes_writer, hmac_writer, pipe=True):
+ self.pipe = pipe
+ self.aes_writer = aes_writer
self.hmac_writer = hmac_writer
def write(self, data):
- enc_chunk = self.crypter.write(data)
+ enc_chunk = self.aes_writer.write(data)
+ if not self.pipe:
+ enc_chunk = data
self.hmac_writer.write(enc_chunk)
def end(self):
- ciphertext = self.crypter.end()
+ ciphertext = self.aes_writer.end()
content_hmac = self.hmac_writer.end()
return ciphertext, content_hmac
-class VerifiedDecrypter(object):
- """
- A Twisted's Consumer implementation combining AESDecryptor and HMACWriter.
- It directs the resulting ciphertext into HMAC-SHA512 processing, then
- decrypt.
- """
- implements(interfaces.IConsumer)
-
- def __init__(self, decrypter, hmac_writer):
- self.decrypter = decrypter
- self.hmac_writer = hmac_writer
-
- def write(self, enc_chunk):
- self.hmac_writer.write(enc_chunk)
- self.decrypter.write(enc_chunk)
-
- def end(self):
- self.decrypter.end()
- self.hmac_writer.end()
-
-
class AESConsumer(object):
"""
A Twisted's Consumer implementation that takes an input file descriptor and